<?php
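// Administrators only (group_id 1); everyone else is sent back to the site root.
// isset() avoids an undefined-index notice when the session carries no group at all.
if(!isset($_SESSION['group_id']) || $_SESSION['group_id']!=1){redir("./");exit;}
// $branch_id is later interpolated into SQL, link URLs and a hidden form field, so it is
// normalised to an integer once, here. Assumes branch ids are integers (the member
// query further down compares branch_id unquoted) — TODO confirm against the schema.
$branch_id=isset($_GET['branch_id'])?(int)$_GET['branch_id']:0;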
if($_GET['op']==''){
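	// Bulk delete: the "del" submit button posts the ticked member ids as m_ids[].
	// NOTE(review): no anti-CSRF token is checked in this handler — confirm whether the
	// including script enforces one before this module runs.
	if(isset($_POST['del']) && $_POST['del']!=''){
		$m_ids=isset($_POST['m_ids'])?$_POST['m_ids']:array();
		// A hand-crafted request can send m_ids as a scalar; only iterate real arrays.
		if(is_array($m_ids)){
			foreach($m_ids as $m_id){
				if(!is_scalar($m_id))continue;
				// Escaped before interpolation: the id arrives straight from the request body.
				$id=mysql_real_escape_string((string)$m_id);
				// Same five tables, in the same order, as the single-member delete.
				foreach(array('course','course_regis','examination','member','news') as $table){
					mysql_query("delete from $table where m_id='$id'");
				}
			}
		}
		// time() is appended as a cache-busting parameter.
		redir("?mod=".urlencode($mod)."&branch_id=".urlencode($branch_id)."&".time());exit;
	}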
?>
<div class="box">
  <h3>รายชื่อสมาชิก</h3>
  <div>
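  	<form method="get">
		<?php /* Search form. $search, $mod and $branch_id are HTML-escaped because they are echoed into attribute values; NOTE(review): $search and $mod are not assigned in this file, presumably they come from the request via the including script. */ ?>
		<input name="search" value="<?php echo htmlspecialchars($search,ENT_QUOTES,'UTF-8');?>" />
		<input type="hidden" name="mod" value="<?php echo htmlspecialchars($mod,ENT_QUOTES,'UTF-8');?>" />
        <input type="hidden" name="branch_id" value="<?php echo htmlspecialchars($branch_id,ENT_QUOTES,'UTF-8');?>" />
		<input type="submit" value="ค้นหา" />
	</form>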
  </div>
  <div class="boxContent">
  <?php
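  // Build the member list query for one branch, count the matches, then re-run it with
  // a LIMIT for the requested page.
  // $search lands inside a quoted LIKE pattern and branch_id in an unquoted numeric
  // comparison, so the first is escaped and the second cast to int before use.
  // NOTE(review): $search is not assigned in this file; if the host still runs with
  // magic_quotes_gpc the value may already carry slashes — confirm.
  $search_sql=mysql_real_escape_string((string)$search);
  $branch_sql=isset($_GET['branch_id'])?(int)$_GET['branch_id']:0;
  $where=" and (m_username like '%$search_sql%' or m_name like '%$search_sql%')";
  $sql="select * from member where status_id!=3 and group_id!=1 and branch_id=$branch_sql $where order by group_id asc,m_name asc";
  // First pass without LIMIT, used only to count rows for the pager.
  $res=mysql_query($sql);
  $allrows=$res?mysql_num_rows($res):0;
  // The page number goes into the LIMIT clause: force a positive integer.
  $page=isset($_GET['page'])?(int)$_GET['page']:1;
  if($page<1)$page=1;
  $allpage=ceil($allrows/$cfg_limit);
  $limitstart=($page-1)*$cfg_limit;
  $sql.=" limit $limitstart,$cfg_limit";
  $res=mysql_query($sql);
  // URL-encode each component so the pager links cannot carry markup or extra parameters.
  $pageurl="?mod=".urlencode($mod)."&branch_id=".urlencode($branch_id)."&search=".urlencode($search);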
  if($allrows>0){
  ?>
    <form method="post">
	<table width="100%">
      <tr>
        <td width="10" align="center"><a class="select" style="cursor:pointer;">เลือกทั้งหมด</a></td>
        <td><strong>รหัสประจำตัว</strong></td>
        <td><strong>ชื่อ-สกุล</strong></td>
		<td align="center"><strong>กลุ่ม</strong></td>
		<td align="center"><strong>สถานะ</strong></td>
        <td colspan="3" align="center"><strong>ดำเนินการ</strong></td>
	  </tr>
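	  <?php
	  	// Re-run the paged query and print one table row per member. Everything echoed
	  	// below is HTML-escaped: the edit form in this file writes m_code/m_name from
	  	// form input, so these columns cannot be treated as trusted markup.
	  	// NOTE(review): approve and delete are plain GET links, so they change state
	  	// without any anti-CSRF token visible in this file.
	  	$res=mysql_query($sql);
		$i=0;
		// Shared prefix of the three per-row action links, encoded and escaped once.
		$link_base=htmlspecialchars("?mod=".urlencode($mod)."&branch_id=".urlencode($branch_id),ENT_QUOTES,'UTF-8');
	  	while($res && ($row=mysql_fetch_assoc($res))){
			++$i;
			// Alternate the row class for zebra striping.
	  		$class=($i%2!=0)?'rowA':'rowB';
			$status=mysql_fetch_assoc(mysql_query("select * from status where status_id='".mysql_real_escape_string($row['status_id'])."'"));
			$groups=mysql_fetch_assoc(mysql_query("select * from groups where group_id='".mysql_real_escape_string($row['group_id'])."'"));
			$id_attr=htmlspecialchars($row['m_id'],ENT_QUOTES,'UTF-8');
			$id_url=urlencode($row['m_id']);
	  ?>
      <tr class="<?php echo $class;?>">
        <td width="10" align="center"><input type="checkbox" name="m_ids[]" value="<?php echo $id_attr;?>" /></td>
        <td><?php echo htmlspecialchars($row['m_code'],ENT_QUOTES,'UTF-8');?></td>
        <td><?php echo htmlspecialchars($row['m_name'],ENT_QUOTES,'UTF-8');?></td>
		<td align="center"><?php echo htmlspecialchars($groups['group_name'],ENT_QUOTES,'UTF-8');?></td>
		<td align="center"><?php echo htmlspecialchars($status['status_name'],ENT_QUOTES,'UTF-8');?></td>
        <td align="center"><?php if($row['status_id']==0)echo "<a href=\"$link_base&amp;op=approve&amp;m_id=$id_url\" onclick=\"return confirm('ยืนยันการอนุมัติ');\">อนุมัติ</a>";else echo "-";?></td>
        <td align="center"><?php echo "<a href=\"$link_base&amp;op=edit&amp;m_id=$id_url\">แก้ไข</a>";?></td>
        <td align="center"><?php echo "<a href=\"$link_base&amp;op=del&amp;m_id=$id_url\" onclick=\"return confirm('ยืนยันการลบ');\">ลบ</a>";?></td>
        </tr>
	  <?php
	  }
	  ?>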
    </table>
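    <div align="right">
    	<?php /* The delete-all URL sits inside a JavaScript string inside an HTML attribute: each component is URL-encoded (which also removes quotes and backslashes) and the result is HTML-escaped. NOTE(review): delete-all is reached through a plain GET navigation with no anti-CSRF token visible here. */ ?>
    	<input type="submit" name="del" value="ลบที่เลือก" onclick="return confirm('คุณต้องการลบสมาชิกที่เลือกหรือไม่');" />
    	<input type="button" name="delall" value="ลบทั้งหมด" onclick="if(confirm('คุณต้องการลบสมาชิกทั้งหมดหรีอไม่'))location.href='<?php echo htmlspecialchars("?mod=".urlencode($mod)."&branch_id=".urlencode($branch_id)."&op=delall&search=".urlencode($search),ENT_QUOTES,'UTF-8');?>';" />
    </div>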
	</form>
  <?php
  	pagemenu($pageurl,$page,$allpage);
  }else{
  	echo "<div id=error_msg>ไม่พบข้อมูล</div>";
  }
  ?>
  </div>
</div>
<?php
}else if($_GET['op']=='edit'){
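	// $err is set only by the validation below; starting from an empty string keeps the
	// template from printing a value this handler did not produce.
	$err='';
	// m_id picks the member being edited; escaped once for every statement in this branch.
	$edit_id=mysql_real_escape_string(isset($_GET['m_id'])?(string)$_GET['m_id']:'');
	if(isset($_POST['op']) && $_POST['op']=='update'){
		// Where magic_quotes_gpc is still enabled the input already carries slashes; they
		// are stripped so each value is escaped exactly once before it reaches SQL.
		$mq=function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
		$in=array();
		foreach(array('group_id','m_password','m_password2','m_code','m_name','m_tel','m_email','branch_id') as $key){
			$raw=(isset($_POST[$key]) && is_scalar($_POST[$key]))?(string)$_POST[$key]:'';
			$in[$key]=$mq?stripslashes($raw):$raw;
		}
		$group_id=$in['group_id'];
		$m_password=$in['m_password'];
		$m_password2=$in['m_password2'];
		$m_code=$in['m_code'];
		$m_name=$in['m_name'];
		$m_tel=$in['m_tel'];
		$m_email=$in['m_email'];
		$branch_id=$in['branch_id'];
		// SQL-escaped copies of the same fields, used only inside the statements below.
		$q=array_map('mysql_real_escape_string',$in);

		// The current picture name is read from the database instead of the client-supplied
		// "oldpic" hidden field, so a forged request cannot choose which file is unlinked
		// or which name is written back to the row.
		$current=mysql_fetch_assoc(mysql_query("select m_pic from member where m_id='$edit_id'"));
		$m_pic=$current?$current['m_pic']:'';

		$pic=isset($_FILES['pic'])?$_FILES['pic']:array();
		$tmp_name=(isset($pic['tmp_name']) && is_string($pic['tmp_name']))?$pic['tmp_name']:'';
		$has_upload=($tmp_name!='' && is_uploaded_file($tmp_name));
		// The extension is taken from the client file name and memberpic/ is linked from
		// this page, so only known image extensions are accepted.
		$ext=$has_upload?strtolower(pathinfo((string)$pic['name'],PATHINFO_EXTENSION)):'';

		// Uniqueness checks for member code and e-mail, excluding the member being edited.
		$row=mysql_fetch_assoc(mysql_query("select count(*)as num from member where m_code='$q[m_code]' and m_id!='$edit_id'"));
		$code_num=$row['num'];
		$row=mysql_fetch_assoc(mysql_query("select count(*)as num from member where m_email='$q[m_email]' and m_id!='$edit_id'"));
		$email_num=$row['num'];

		if(!$m_code)$err="กรุณากรอก รหัสประจำตัว";
		else if($code_num>0)$err="มีผู้ใช้รหัสประจำตัวนี้แล้ว";
		else if(!$m_name)$err="กรุณากรอก ชื่อ-สกุล";
		else if(!$m_tel)$err="กรุณากรอก หมายเลขโทรศัทพ์";
		else if(!$m_email)$err="กรุณากรอก อีเมลล์";
		else if(!validmail($m_email))$err="อีเมลล์ไม่ถูกต้องตามรูปแบบ";
		else if($email_num>0)$err="มีผู้ใช้ อีเมลล์ นี้แล้ว";
		else if($m_password && $m_password!=$m_password2)$err="กรุณากรอก Password ให้ตรงกัน";
		else if($has_upload && !in_array($ext,array('jpg','jpeg','png','gif'),true))$err="อนุญาตเฉพาะไฟล์รูปภาพ (jpg, jpeg, png, gif)";
		else{
			if($has_upload){
				// basename() keeps the delete inside memberpic/ even if the stored name is odd.
				if($m_pic!='')@unlink("memberpic/".basename($m_pic));
				// uniqid() with extra entropy avoids two uploads in the same second colliding.
				$m_pic=md5(uniqid('',true)).".$ext";
				cropMaster($tmp_name,"memberpic/$m_pic",533,533);
			}
			// The password column is only touched when a new password was typed.
			// NOTE(review): the password is written exactly as submitted (no hashing), and the
			// approve branch of this file mails the stored value; moving to password_hash()
			// needs a coordinated change to login and to that e-mail.
			$password_sql=$m_password?"m_password='$q[m_password]',":'';
			$sql="update member set group_id='$q[group_id]',{$password_sql}m_code='$q[m_code]',m_name='$q[m_name]',m_tel='$q[m_tel]',m_email='$q[m_email]',m_pic='".mysql_real_escape_string($m_pic)."',branch_id='$q[branch_id]' where m_id='$edit_id'";
			mysql_query($sql);
			// Redirect targets kept as before: after a password change only ?mod is passed,
			// otherwise the branch is passed as well.
			$back="?mod=".urlencode($mod);
			if(!$m_password)$back.="&branch_id=".urlencode($branch_id);
			redir($back,5);
			die("<div id=com_msg>ปรับปรุงข้อมูลสมาชิกเรียบร้อยแล้วกรุณารอสักครู่ <img src=images/load.gif></div>");
		}
	}
	// Current values of the member, used to pre-fill the form below.
	$row=mysql_fetch_assoc(mysql_query("select * from member where m_id='$edit_id'"));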
?>
<div class="box">
  <h2>แก้ไขข้อมูลสมาชิก</h2>
  <?php if($err)echo "<div id=error_msg>$err</div>";?>
  <div class="boxContent">
    <p> </p>
    <form method="post" enctype="multipart/form-data">
      <table width="99%" border="0" cellspacing="2" cellpadding="2">
        <tr>
          <td width="120"><strong>กลุ่ม</strong></td>
          <td>
		  	<select name="group_id">
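		  	<?php
		  	// One <option> per group, with the member's current group pre-selected.
		  	// Values from the groups table are HTML-escaped and the attribute is quoted.
		  	$res=mysql_query("select * from groups order by group_id");
			while($res && ($groups=mysql_fetch_assoc($res))){
				$select=($groups['group_id']==$row['group_id'])?' selected ':'';
				$opt_value=htmlspecialchars($groups['group_id'],ENT_QUOTES,'UTF-8');
				$opt_label=htmlspecialchars($groups['group_name'],ENT_QUOTES,'UTF-8');
				echo "<option value=\"$opt_value\" $select >$opt_label</option>";
			}
		  	?>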
			</select>		  </td>
        </tr>
        <tr>
          <td><strong>สาขา</strong></td>
          <td><select name="branch_id">
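              <?php
					// Branches grouped by department: one <optgroup> per department row and one
					// <option> per branch, with the member's current branch pre-selected.
					// Names and ids from the database are escaped for HTML and for the inner query.
					$sql="select * from department order by dep_id";
					$res=mysql_query($sql);
					while($res && ($dep=mysql_fetch_assoc($res))){
						echo "<optgroup label='".htmlspecialchars($dep['dep_name'],ENT_QUOTES,'UTF-8')."'>";
							$sql="select * from branch where dep_id='".mysql_real_escape_string($dep['dep_id'])."' order by branch_id";
							$res2=mysql_query($sql);
							while($res2 && ($branch=mysql_fetch_assoc($res2))){
								$select=($row['branch_id']==$branch['branch_id'])?'selected':'';
								$opt_value=htmlspecialchars($branch['branch_id'],ENT_QUOTES,'UTF-8');
								$opt_label=htmlspecialchars($branch['branch_name'],ENT_QUOTES,'UTF-8');
								echo "<option value='$opt_value' $select>$opt_label</option>";
							}
						echo "</optgroup>";
					}
					?>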
            </select>          </td>
        </tr>
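		<?php /* Member fields are HTML-escaped before being placed in text or attribute context: m_code, m_name, m_tel and m_email are written from form input by the update handler in this file. */ ?>
		<tr>
          <td width="120"><strong>Username</strong></td>
          <td><?php echo htmlspecialchars($row['m_username'],ENT_QUOTES,'UTF-8');?></td>
        </tr>
        <tr>
          <td width="120"><strong>Password</strong></td>
          <td><input name="m_password" type="password" id="m_password" /></td>
        </tr>
        <tr>
          <td><strong>Re-Password</strong></td>
          <td><input name="m_password2" type="password" id="m_password2" /></td>
        </tr>
        <tr>
          <td><strong>รหัสประจำตัว</strong></td>
          <td><input name="m_code" type="text" id="m_code" value="<?php echo htmlspecialchars($row['m_code'],ENT_QUOTES,'UTF-8');?>" /></td>
        </tr>
        <tr>
          <td><strong>ชื่อ-สกุล</strong></td>
          <td><input name="m_name" type="text" id="m_name" value="<?php echo htmlspecialchars($row['m_name'],ENT_QUOTES,'UTF-8');?>" /></td>
        </tr>
        <tr>
          <td><strong>หมายเลขโทรศัพท์</strong></td>
          <td><input name="m_tel" type="text" id="m_tel" value="<?php echo htmlspecialchars($row['m_tel'],ENT_QUOTES,'UTF-8');?>" /></td>
        </tr>
        <tr>
          <td><strong>อีเมลล์</strong></td>
          <td><input name="m_email" type="text" id="m_email" value="<?php echo htmlspecialchars($row['m_email'],ENT_QUOTES,'UTF-8');?>" /></td>
        </tr>
        <tr>
          <td><strong>รูปประจำตัว</strong></td>
          <td>
		  	<input name="pic" type="file" id="pic" />*ขนาดไม่เกิน 1000x1000 พิกเซล หรือไม่เกิน 1 MB
			<input name="oldpic" type="hidden" value="<?php echo htmlspecialchars($row['m_pic'],ENT_QUOTES,'UTF-8');?>" />
			<br />
			<?php
			// The stored file name is URL-encoded and escaped, and the attributes are quoted,
			// so the name cannot break out of href/src.
			$pic_src=htmlspecialchars("memberpic/".rawurlencode($row['m_pic']),ENT_QUOTES,'UTF-8');
			echo ($row['m_pic']!='')?"<a href=\"$pic_src\" target=\"_blank\" rel=\"lytebox\"><img src=\"$pic_src\" width=\"300\"></a>":'ยังไม่มีรูป';
			?>		  </td>
        </tr>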
      </table>
      <table width="99%" border="0" cellspacing="2" cellpadding="2">
        <tr>
          <td align="center"><input type="submit" class="button" name="Submit" value="ปรับปรุงข้อมูล" />
              <input name="op" type="hidden" id="op" value="update" /></td>
        </tr>
      </table>
    </form>
    </p>
  </div>
</div>
<?php
}else if($_GET['op']=='approve'){
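	// Approve one pending member: mail the account details, then set status_id=1.
	// NOTE(review): this state change is triggered by a plain GET link and no anti-CSRF
	// token is visible in this file.
	$m_id=mysql_real_escape_string(isset($_GET['m_id'])?(string)$_GET['m_id']:'');
	$row=mysql_fetch_assoc(mysql_query("select * from member where m_id='$m_id'"));
	// Nothing is mailed or updated when the id matches no member.
	if($row){
		$from="info@$cfg_domain";
		// CR/LF are removed so a stored address cannot add extra mail headers.
		$to=str_replace(array("\r","\n"),'',$row['m_email']);
		$subject="อนุมัติการสมัครสมาชิก";

		// Header lines are separated by CRLF and the block no longer ends in a blank
		// line, which would have terminated the header section early.
		$mailheaders  = "MIME-Version: 1.0\r\n";
		$mailheaders .= "Content-type: text/html; charset=utf-8\r\n";
		$mailheaders .= "From: $cfg_domain <$from>\r\n";
		$mailheaders .= "Reply-To: <$from>";

		// The body is sent as HTML, so member-supplied values are escaped.
		$msg = "ผู้ดูแลระบบจัดการเรียนการสอนออนไลน์ ได้อนุมัติให้คุณเข้าใช้งานได้แล้ว<br>";
		$msg .= "Username : ".htmlspecialchars($row['m_username'],ENT_QUOTES,'UTF-8')."<br>";
		// NOTE(review): the password is read back from the member row and mailed in clear
		// text, which means it is stored unhashed; replacing this with a reset link needs
		// a change to how passwords are stored.
		$msg .= "Password : ".htmlspecialchars($row['m_password'],ENT_QUOTES,'UTF-8')."<br>";

		mail($to,$subject,$msg,$mailheaders);

		mysql_query("update member set status_id=1 where m_id='$m_id'");
	}
	redir("?mod=".urlencode($mod)."&branch_id=".urlencode($branch_id)."&".time());exit;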
	
}else if($_GET['op']=='del'){
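	// Hard-delete one member together with the rows that reference it. An earlier
	// soft delete (setting status_id=3) is no longer used here.
	// NOTE(review): this destructive action is reached through a plain GET link and no
	// anti-CSRF token is visible in this file.
	// The id comes straight from the query string, so it is escaped before interpolation.
	$m_id=mysql_real_escape_string(isset($_GET['m_id'])?(string)$_GET['m_id']:'');
	foreach(array('course','course_regis','examination','member','news') as $table){
		mysql_query("delete from $table where m_id='$m_id'");
	}

	redir("?mod=".urlencode($mod)."&branch_id=".urlencode($branch_id)."&".time());exit;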
}else if($_GET['op']=='delall'){
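	// Delete every member matched by the current branch/search filter; the query itself
	// leaves out group_id 1 and status_id 3 rows.
	// NOTE(review): this bulk delete is reached through a plain GET navigation and no
	// anti-CSRF token is visible in this file.
	// The search term is escaped and branch_id cast to int before the statement is built.
	$search_sql=mysql_real_escape_string((string)$search);
	$branch_sql=isset($_GET['branch_id'])?(int)$_GET['branch_id']:0;
	$where=" and (m_username like '%$search_sql%' or m_name like '%$search_sql%')";
	$sql="select * from member where status_id!=3 and group_id!=1 and branch_id=$branch_sql $where order by group_id asc,m_name asc";
	$res = mysql_query($sql);
	while($res && ($row=mysql_fetch_assoc($res))){
		$id=mysql_real_escape_string($row['m_id']);
		// Same five tables, in the same order, as the single-member delete.
		foreach(array('course','course_regis','examination','member','news') as $table){
			mysql_query("delete from $table where m_id='$id'");
		}
	}
	redir("?mod=".urlencode($mod)."&branch_id=".urlencode($branch_id)."&".time());exit;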
}else if($_GET['op']=='approveall'){
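	// Approve every pending (status_id 0) member of the branch in one statement.
	// $branch_id originates from the query string, so it is escaped before interpolation.
	// NOTE(review): reached through a plain GET request with no anti-CSRF token visible here.
	$branch_sql=mysql_real_escape_string((string)$branch_id);
	mysql_query("update member set status_id=1 where status_id=0 and branch_id='$branch_sql'");
	redir("?mod=".urlencode($mod)."&branch_id=".urlencode($branch_id)."&".time());exit;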
}
?>